Subject: Re: awk bug in current ?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: John R. Shannon <john@johnrshannon.com>
List: current-users
Date: 03/19/2006 11:12:59
Steven M. Bellovin wrote:
> On Sun, 19 Mar 2006 09:44:14 -0800, walt <wa1ter@myrealbox.com> wrote:
>
>
>> As a temporary workaround until Christos can do the correct fix,
>> just delete line 890 of /usr/src/dist/nawk/b.c and recompile
>> and reinstall /usr/src/usr.bin/awk.
>>
>> Here is the line to be deleted:
>> assert(c < NCHARS);
>>
>> That should allow us to rebuild the system when the correct
>> fix is committed.
>>
> Note, of course, that deleting that line enables a very clear buffer
> overflow.
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Something like:
nas$ diff /usr/src/dist/nawk/b.c /usr/src/dist/nawk/b.c.orig
890,891c890,891
< if (c < NCHARS)
< f->gototab[s][c] = i;
---
> assert(c < NCHARS);
> f->gototab[s][c] = i;
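Review bot: the guard "if (c < NCHARS)" on line 890 silently skips the store when the test fails, and given the earlier assert(c == HAT || c < NCHARS) cited in this message, the failing case is c == HAT, so no gototab entry is recorded for HAT and nothing reports it. The guard does keep the write to f->gototab[s][c] in bounds, and unlike assert() it remains in a build compiled with NDEBUG. The failing branch still needs either explicit handling for HAT or at least a comment or diagnostic, so that the dropped transition is not mistaken for a complete fix.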
would be safer. From the prior assertion:
assert(c == HAT || c < NCHARS);
it follows that c == HAT. I'm unsure what the correct action should be
in that case.
--
John R. Shannon, CISSP
john@johnrshannon.com
jshannon@dsci-usa.com
john.r.shannon@us.army.mil
shannonjr@NetBSD.org